Commit graph

1205 commits

Author SHA1 Message Date
Swissky
6b1c98010d Merge pull request #10 from melvinsh/master
Add CSRF to OAuth2
2017-10-16 09:55:31 +02:00
Melvin Lammerts
59971e95d2 Add CSRF to OAuth2
Not sure if it qualifies as a _payload_ but I'll let you be the judge of that :)
2017-10-16 08:41:43 +02:00
Swissky
d16aec6f6a Tomcat CVE-2017-12617 2017-10-10 10:19:14 +02:00
Swissky
a2d5fe5cad Upload .htaccess to PHP code exec 2017-10-09 23:17:31 +02:00
Swissky
6ad7965efc SSRF AWS + Shell.php{3,4,5,7} 2017-09-27 14:37:07 +02:00
Swissky
87ef554e40 LFI to RCE via input:// stream 2017-09-24 00:37:56 +02:00
Swissky
3e6043be32 LFI - PHPSessid technique, more bypass and files 2017-09-24 00:32:55 +02:00
Swissky
278a130940 Command Exec - ``, $() and more bypasses 2017-09-23 23:30:40 +02:00
Swissky
e7cb8a2ce1 SSRF - Gopher Protocol 2017-09-19 20:35:18 +02:00
Swissky
1ca215d5d7 Multiple update - LFI/RCE via phpinfo, Struts2 v2 2017-09-13 23:55:29 +02:00
Swissky
c36d31ec5d LFI via /proc/*/fd + upload 2017-08-15 02:37:09 +02:00
Swissky
901d279fb3 RCE no {}, no space 2017-08-13 16:35:12 +02:00
Swissky
9adb81e6d8 SSRF URL Scheme + XXE Soap 2017-08-07 21:42:14 +02:00
Swissky
91e3c6906c Merge pull request #7 from rakeshmane/master
Update README.md
2017-08-07 19:29:35 +02:00
Rakesh Mane
6e42b617cc Update README.md 2017-08-07 21:22:36 +05:30
Swissky
dad26ce5e5 More Burp Intruder file - SQLi + Path traversal + XSS 2017-08-06 01:12:41 +02:00
Swissky
694b980817 Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings 2017-08-03 21:36:38 +02:00
Swissky
635b9f87f7 Reverse Shell Cheatsheet 2017-08-03 21:35:43 +02:00
Swissky
9c9e1cc082 Merge pull request #6 from unl1k3ly/patch-1
Update README.md
2017-08-01 11:43:11 +02:00
unl1k3ly
be624c99ca Update README.md
check bucket disk size
2017-08-01 08:37:04 +10:00
Swissky
af48fc1ed4 More intruders folder - for BurpSuite 2017-07-30 13:42:32 +02:00
Swissky
8a3693855f XSS Intruder + Eicar + SSRF http://0 2017-07-30 13:17:00 +02:00
Swissky
064467ecfc SSTI + XSS Flash 2017-07-16 16:30:08 +02:00
Swissky
77e2fc8226 LDAP & XPATH injection + Small fixes and payloads 2017-07-14 23:40:31 +02:00
Swissky
9907a55c24 Image Magick - More payloads 2017-07-09 17:16:42 +02:00
Swissky
c4b49fa5ac Open Redirect Payloads updated 2017-07-06 21:02:19 +02:00
Swissky
6070ece522 Symbolic Link Zip + SQL injection ORDER BY 2017-07-04 23:17:59 +02:00
Swissky
a1fbd41bbb Wrapper PHP inclusion updated 2017-07-02 23:10:34 +02:00
Swissky
ab63a537e7 FFMpeg injection - Bypass and explanation 2017-06-28 22:45:36 +02:00
Swissky
240e46e1e1 XXE via DTD and PHP Filter 2017-06-28 21:43:30 +02:00
Swissky
43f8367df0 Update Image Tragick payloads 2017-06-28 11:23:16 +02:00
Swissky
220e9cb8bd FFMpeg HLS - read passwd/shadow 2017-06-26 21:32:10 +02:00
Swissky
d97cb891df AWS Bucket : Listings open bucket/reading and access 2017-06-18 18:42:12 +02:00
Swissky
f131aebce4 SSRF updates and methodology aquatone tool 2017-06-17 23:20:24 +02:00
Swissky
7c865ab8aa CVE Struts RCE + AWS ls + RCE spaceless Windows + Methodology updated 2017-06-05 14:57:28 +02:00
Swissky
2e75cbe25a Git insecure files renamed + svn method added 2017-06-04 17:58:09 +02:00
Swissky
94470a2544 More payloads for XSS/SQL/LFI/Upload and XXE 2017-06-04 17:22:26 +02:00
Swissky
58aed12c9d CRLF injection updated 2017-05-29 20:41:05 +02:00
Swissky
e89e4fd312 Methodology updated with RPCClient, User enumeration 2017-05-17 20:40:45 +02:00
Swissky
62f686dc1f Methodology updated - Dorks, Subdomains, Nmap 2017-05-01 22:40:36 +02:00
Swissky
00be7d958c README : Bug bounty added 2017-04-25 23:22:55 +02:00
Swissky
85b62cee39 README update : more books and tools 2017-04-08 15:59:40 +02:00
Swissky
d21dcdd463 Merge pull request #3 from sokaRepo/master
Add Jinja Template injections
2017-04-01 17:57:12 +02:00
Soka
bb98bd9339 Add Template injections + Jinja template injection 2017-04-01 18:53:43 +03:00
Soka
76b15d575e Add Template injections + Jinja template injection 2017-04-01 18:48:44 +03:00
Swissky
b57c7c9e3d README - Youtube references 2017-03-30 20:24:48 +02:00
Swissky
9211d40871 Methodology - The Harvester + Checklist v2 2017-03-30 20:20:52 +02:00
Swissky
7e739b02ad Methodology - The Harvester + Checklist 2017-03-26 20:51:40 +02:00
Swissky
3d917be066 Methodology - Burp config + Nikto 2017-03-26 20:40:32 +02:00
Swissky
af01b04a30 Methodology update - design + nmap 2017-03-26 18:00:23 +02:00